Re: [exim] exim meltdown

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: W B Hacker
Ημερομηνία:  
Προς: exim users
Αντικείμενο: Re: [exim] exim meltdown
Jeroen van Aart wrote:
> Yan Seiner wrote:
>> I use spamassassin, dspam, and exim. Somehow the mysql tables for dspam
>> got corrupted, and (apparently) exim was in an endless loop.
>>
>> I shut down dspam, spamassassin, exim, and repaired the mysql tables,
>> and all is well....
>
> It may pay off to consider separating spam filtering and MTA into
> different boxes. And perhaps removing the added complexity of a database
> "backend".
>


"Wise" filtering doesn't have to be all that resource-intensive.

I have SA thresholds of:

1.2 (spamint 12) to insert a warning header my MUA can filter on

1.6 (spamint 16) to insert *Suspect* header and divert to quarentine

4.3 (spamint 43) to deny the message altogether.

Why so low, compared to 'stock' SA thresholds?

Exim, running fast compiled 'C' and with clever caching and hints about
lookups, does every test that it can do related to TCP/IP, DNS, rDNs,
RBL checks, HELO matchup, correct use of protocols and formats.

ClamAV's clamd, which is far faster than SA, gets the next shot.

Every test SA would 'offer' to make has been weighed for its actual value.

- As many as possible were moved into Exim, such as all manner of DNS
and RBL checking.

- Many have simply been switched-off (Bayesian, to name one)

Most of what was removed did not do header/body/attachment pattern
analysis - and I ask Exim to do only the minimum of that (RFC format
correctness - never perl scripts).

Most of what is left in SA *does* do body analysis. And not much else.
Hence the fit to reduced threshold scores.

By booting the zombots mostly in acl_smtp_connect, and certainly before
they ever reach acl_smtp_data, CPU cycles are saved, memory needs are
reduced, and a great deal of disk space and disk I/O avoided outright.

Not to mention portal-to-portal transit time. And heat.

Now if you want to *play* with spam and brag about how much of it you
'handle', and how clever the regexp, perl-snippet, tar-pit, munged mx
priority..

You will need a more powerful box. Or several...

Why would one want to brag about playing a game against a few lines of
zombot code - running on tens of millions of compromises computers -
that don't get tired? And don't care if you 'win'?

A zombot is just a high-speed idiot.


Bill

"Never argue with an idiot - they'll bring you down to their level then
beat you with experience."